Lucene search
K

4 matches found

Snyk
Snyk
added 2026/02/02 8:12 p.m.3 views

Missing Validation of OpenSSL Certificate

Overview Affected versions of this package are vulnerable to Missing Validation of OpenSSL Certificate due to the default configuration of DefaultConfig where TLS certificate verification is disabled for outgoing storage driver communications. An attacker can intercept, decrypt, and manipulate al...

9.2CVSS5.5AI score0.00239EPSS
Exploits0References2
SUSE CVE
SUSE CVE
added 2023/02/15 3:29 a.m.2 views

SUSE CVE-2022-21654

Envoy is an open source edge and service proxy, designed for cloud-native applications. Envoy's tls allows re-use when some cert validation settings have changed from their default configuration. The only workaround for this issue is to ensure that default tls settings are used. Users are advised...

9.8CVSS7.7AI score0.01061EPSS
Exploits0References3
RedHat Linux
RedHat Linux
added 2018/05/02 10:13 p.m.5 views

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

4.2CVSS7.3AI score0.0541EPSS
Exploits0References4
RedHat Linux
RedHat Linux
added 2018/04/23 5:15 p.m.6 views

OpenJDK: RMI HTTP transport enabled by default (RMI, 8193833)

Vulnerability in the Java SE, JRockit component of Oracle Java SE subcomponent: RMI. Supported versions that are affected are Java SE: 6u181, 7u171 and 8u162; JRockit: R28.3.17. Difficult to exploit vulnerability allows unauthenticated attacker with network access via multiple protocols to...

4.2CVSS7.3AI score0.0541EPSS
Exploits0References4
Rows per page
Query Builder